github-advanced-security[bot] commented on code in PR #2050:
URL: https://github.com/apache/libcloud/pull/2050#discussion_r1976629285
##########
libcloud/common/gandi.py:
##########
@@ -147,7 +152,8 @@
same UUID!
"""
hashstring = "{}:{}:{}".format(self.uuid_prefix, self.id,
self.driver.type)
- return hashlib.sha1(b(hashstring)).hexdigest()
+
+ return hashlib.sha1(b(hashstring)).hexdigest() # nosec
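Review bot: the added `# nosec` silences the finding without recording why this SHA1 use is acceptable. From the visible lines the digest is built from `self.uuid_prefix`, `self.id` and `self.driver.type` to give a stable identifier (the docstring fragment above ends in "same UUID!"), so it is not protecting sensitive data and the alert is a false positive for this site. Put that rationale in the comment, e.g. `# nosec - SHA1 only derives a stable, non-secret identifier`, and if the project's minimum Python is 3.9 or newer prefer `hashlib.sha1(b(hashstring), usedforsecurity=False).hexdigest()`, which states the intent in code and is recognised by current Bandit releases without a suppression marker.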
Review Comment:
## Use of a broken or weak cryptographic hashing algorithm on sensitive data
[Sensitive data (id)](1) is used in a hashing algorithm (SHA1) that is insecure.
[Show more details](https://github.com/apache/libcloud/security/code-scanning/30)
##########
libcloud/common/nfsn.py:
##########
@@ -70,22 +73,25 @@
salt = self._salt()
api_key = self.key
data = urlencode(data)
- data_hash = hashlib.sha1(data.encode("utf-8")).hexdigest()
+ data_hash = hashlib.sha1(data.encode("utf-8")).hexdigest() # nosec
string = ";".join((login, timestamp, salt, api_key, action, data_hash))
- string_hash = hashlib.sha1(string.encode("utf-8")).hexdigest()
+ string_hash = hashlib.sha1(string.encode("utf-8")).hexdigest() # nosec
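Review bot: unlike the other two sites, this one is not a pure identifier case, so a bare `# nosec` is the wrong record to leave behind. `string_hash` is computed over `login`, `timestamp`, `salt`, `api_key` and `action`, i.e. it is the request-authentication value sent to the NFSN API, and SHA1 is doing security work here. If the algorithm is fixed by the remote API's signing scheme (which is what the surrounding code suggests), say so in the comment, e.g. `# nosec - hash algorithm is mandated by the NFSN auth scheme`, so the next reader knows it cannot simply be swapped for SHA-256. Do not use `usedforsecurity=False` on these two calls; that flag would misdescribe the purpose of the hash.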
Review Comment:
## Use of a broken or weak cryptographic hashing algorithm on sensitive data
[Sensitive data (id)](1) is used in a hashing algorithm (SHA1) that is insecure.
[Show more details](https://github.com/apache/libcloud/security/code-scanning/31)
##########
libcloud/compute/drivers/cloudsigma.py:
##########
@@ -2196,21 +2287,23 @@
# find image name and boot drive size
image = None
drive_size = 0
+
for item in extra["drives"]:
if item["boot_order"] == 1:
drive = self.ex_get_drive(item["drive"]["uuid"])
drive_size = drive.size
image = "{} {}".format(
drive.extra.get("distribution", ""),
drive.extra.get("version", "")
)
+
break
# try to find if node size is from example sizes given by CloudSigma
try:
kwargs = SPECS_TO_SIZE[(extra["cpus"], extra["memory"],
drive_size)]
size = CloudSigmaNodeSize(**kwargs, driver=self)
except KeyError:
id_to_hash = str(extra["cpus"]) + str(extra["memory"]) +
str(drive_size)
- size_id = hashlib.md5(id_to_hash.encode("utf-8")).hexdigest()
+ size_id = hashlib.md5(id_to_hash.encode("utf-8")).hexdigest() #
nosec
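Review bot: as rendered here the `# nosec` for the `hashlib.md5` line ends up on a continuation line with `nosec` by itself; confirm that in the committed file it sits at the end of the same physical line as `.hexdigest()`, because a marker on its own line does not attach to the finding. As in gandi.py, the digest is only an identifier derived from `cpus`, `memory` and `drive_size`, so record that in the comment or use `hashlib.md5(..., usedforsecurity=False)` where the supported Python floor allows; nothing in this hunk supports the scanner's "password" label. Separately, `str(extra["cpus"]) + str(extra["memory"]) + str(drive_size)` concatenates without a delimiter, so distinct triples can yield the same string and therefore the same `size_id` (cpus=1, memory=12, size=3 and cpus=11, memory=2, size=3 both give `"1123"`); joining the parts with a separator such as `":"` removes the ambiguity. The two added blank `+` lines are stylistic, but the one directly before `break` inside the `if` body reads oddly and could be dropped.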
Review Comment:
## Use of a broken or weak cryptographic hashing algorithm on sensitive data
[Sensitive data (password)](1) is used in a hashing algorithm (MD5) that is insecure for password hashing, since it is not a computationally expensive hash function.
[Show more details](https://github.com/apache/libcloud/security/code-scanning/29)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]